Ciarán Doyle

How to Pick the Right Public DNS Server (And Why It Matters)

Most people never think about DNS until something breaks. You type in a URL, it loads. Magic. But the DNS resolver your machine talks to has a real impact on how fast pages load, whether dodgy domains get blocked, and how much of your browsing history leaks to third parties.

I've been running a small IT consultancy in the West of Ireland for about 15 years now, mostly working with schools, medical practices, and local businesses. DNS issues come up constantly. And nine times out of ten, the fix starts with "what DNS server are you actually using?"

Why your ISP's default DNS might not be great

In fairness, I've tested this across dozens of different setups, and when you plug in a router, it usually picks up DNS settings from your ISP automatically. That works. But ISP DNS servers tend to be:

  • Slower than alternatives - they're shared across thousands of customers and not always well-maintained
  • Less reliable - outages happen, and when your ISP's DNS goes down, everything looks "broken" even though your connection is fine
  • Missing security features - most ISP resolvers don't support DNSSEC validation or encrypted DNS
  • Sometimes dishonest - some ISPs hijack failed DNS queries to show their own search pages full of ads

Right, none of this means ISP DNS is terrible. For a lot of people it works fine. But if you want better speed, privacy, or reliability, switching takes about 2 minutes.
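
Two items on that list, hijacked failed lookups and missing DNSSEC validation, show up in the header of dig's output, so you can check a resolver before trusting it. The script below is an added example, not part of the original post: the function names and sample outputs are constructed for illustration, and it assumes dig's standard header format, a probe name under the reserved .invalid TLD, and the signed root zone as the DNSSEC test query.

```shell
#!/bin/sh
# Added example. Function names are illustrative; sample outputs are constructed.

# stdin: dig output for a name that cannot exist -> honest | hijacked | inconclusive
nx_verdict() {
  awk '
    /^;; ->>HEADER<<-/ && match($0, /status: [A-Z]+/) { st = substr($0, RSTART + 8, RLENGTH - 8) }
    /^;; flags:/ && match($0, /ANSWER: [0-9]+/) { n = substr($0, RSTART + 8, RLENGTH - 8) + 0 }
    END {
      if (st == "NXDOMAIN") print "honest"
      else if (st == "NOERROR" && n > 0) print "hijacked"   # resolver invented an answer
      else print "inconclusive"                              # timeout, SERVFAIL, empty input
    }'
}

# stdin: dig +dnssec output for a signed zone -> validating | not-validating | inconclusive
dnssec_verdict() {
  awk '
    /^;; flags:/ {                      # header flags only, not the "; EDNS: ... flags: do;" line
      f = $0; sub(/^;; flags: /, "", f); sub(/;.*/, "", f)
      seen = 1; if (index(" " f " ", " ad ")) ad = 1
    }
    END { print (ad ? "validating" : (seen ? "not-validating" : "inconclusive")) }'
}

# Live check against one resolver IP (needs dig and network access).
audit_resolver() {
  probe="nxprobe-$$.invalid"            # .invalid is reserved and never resolves (RFC 6761)
  printf '%s nxdomain=%s dnssec=%s\n' "$1" \
    "$(dig @"$1" "$probe" A +tries=1 +time=3 | nx_verdict)" \
    "$(dig @"$1" . SOA +dnssec +tries=1 +time=3 | dnssec_verdict)"   # root zone is signed
}

sample_hijacked() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
nxprobe-1.invalid.	60	IN	A	192.0.2.10
EOF
}
sample_validated() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 99
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags: do; udp: 1232
EOF
}

for r in "$@"; do audit_resolver "$r"; done   # e.g. sh check.sh 9.9.9.9 1.1.1.1
```

Run it with resolver IPs as arguments to audit them live, including the address your router currently hands out. With no arguments it only defines the functions.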

What actually matters when choosing

There are loads of public DNS servers out there. Google (8.8.8.8), Cloudflare (1.1.1.1), Quad9 (9.9.9.9), OpenDNS, AdGuard - the list goes on. So how do you pick?

1. Speed (latency to you specifically)

In fairness, the fastest DNS server for someone in Tokyo won't be the fastest for someone in Galway. What matters is the round-trip time from your location to the resolver. A server with 5ms latency will feel noticeably snappier than one at 50ms, especially on pages that make dozens of DNS lookups.

You can test this yourself with dig:

dig @8.8.8.8 example.com | grep "Query time"
dig @1.1.1.1 example.com | grep "Query time"
dig @9.9.9.9 example.com | grep "Query time"

Or if you want to compare a wider range of servers without messing about in the terminal, publicdns.info keeps a live-tested directory of thousands of public DNS servers filterable by country. It tests them every 72 hours so you know which ones are actually responding.

2. Privacy

Every DNS query you make tells the resolver which domains you visit. If privacy matters to you, look for resolvers that:

  • Support DNS over HTTPS (DoH) or DNS over TLS (DoT) - encrypts your queries so your ISP can't snoop
  • Have a clear no-logging policy - Cloudflare and Quad9 both publish audited privacy commitments
  • Don't sell or share query data

Cloudflare (1.1.1.1) and Quad9 (9.9.9.9) are generally the strongest here. Google DNS works well but Google's business model is advertising, which makes some people uncomfortable.

3. Security features

Some resolvers go beyond just answering queries:

  • Quad9 blocks known malicious domains by default - proper threat intelligence, not just a blocklist
  • OpenDNS offers configurable filtering categories
  • AdGuard DNS blocks ads and trackers at the DNS level
  • CleanBrowsing provides family-safe filtering

If you're setting up DNS for a school or a home with kids, filtering DNS is one of the easiest wins available.

4. Reliability and uptime

The big providers - Cloudflare, Google, Quad9 - run anycast networks spread across dozens of data centres worldwide. They're about as reliable as it gets. Smaller providers can be fine too, but check whether they've had recent outages.

On publicdns.info, servers are marked with status indicators (OK, TIMEOUT, BAD) so you can see at a glance which ones are actually working right now. That's useful if you're comparing lesser-known options.

My go-to recommendations

For what it's worth, here's what I typically set up for clients:

For general use: Cloudflare (1.1.1.1 / 1.0.0.1) - fast, private, reliable. Hard to beat.

For security-conscious setups: Quad9 (9.9.9.9) - blocks malicious domains, no logging, run by a non-profit.

For families/schools: CleanBrowsing (185.228.168.168) or AdGuard Family (94.140.14.15) - content filtering without needing extra software.

For maximum control: Run your own resolver with Pi-hole or AdGuard Home, using any of the above as upstream. Best of both worlds.

How to change your DNS

On most systems it takes under a minute:

  • Windows: Settings > Network > your adapter > DNS > set to manual, enter the addresses
  • macOS: System Settings > Network > your connection > DNS
  • Linux: edit /etc/resolv.conf or use nmcli / systemd-resolved
  • Router level (recommended): change DNS in your router's WAN settings - covers every device on the network

The way I see it, changing it at the router is what I'd recommend. Do it once and every phone, laptop, and smart TV on your network benefits.

Quick test after switching

After changing DNS, flush your cache and test:

# Windows
ipconfig /flushdns

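# macOS (flush the directory cache, then restart the mDNS responder)
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

# Linux with systemd-resolved (older releases: sudo systemd-resolve --flush-caches)
sudo resolvectl flush-caches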

# Then test
dig google.com

If you get a response with a low query time, you're sorted.

Wrapping up

Picking the right DNS isn't complicated, but it does make a real difference. Faster lookups, better privacy, malware blocking - all from changing two numbers in your network settings. If you've never touched your DNS config, it's worth spending 5 minutes on.

And if you want to explore what's out there beyond the big names, have a browse through the server directory at publicdns.info - there are thousands of tested servers across 200+ countries. You might find something faster for your specific location than the usual suspects.
